Date: Tue, 13 Nov 2007 16:51:14 -0600
Synopsis: Moderate: conga security, bug fix, and enhancement update
Issue date: 2007-11-07
CVE Names: CVE-2007-4136

A flaw was found in ricci during a code audit. A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136).

Fixes in this updated package include:
* The nodename is now set for manual fencing.
* The node log no longer displays in random order.
* A bug that prevented a node from responding when a cluster was deleted is
now fixed.
* A PAM configuration that incorrectly called the deprecated module
pam_stack was removed.
* A bug that prevented some quorum disk configurations from being accepted
is now fixed.
* Setting multicast addresses now works properly.
* rpm -V on luci no longer fails.
* The user interface rendering time for the storage interface is now faster.
* An error message that incorrectly appeared when rebooting nodes during
cluster creation was removed.
* Cluster snaps configuration (an unsupported feature) has been removed
altogether to prevent user confusion.
* A user permission bug resulting from a luci code error is now fixed.
* luci and ricci init script return codes are now LSB-compliant.
* VG creation on cluster nodes now defaults to "clustered".
* An SELinux AVC bug that prevented users from setting up shared storage on
nodes is now fixed.
* An access error that occurred when attempting to access a cluster node
after its cluster was deleted is now fixed.
* IP addresses can now be used to create clusters.
* Attempting to configure a fence device no longer results in an
AttributeError.
* Attempting to create a new fence device to a valid cluster no longer
results in a KeyError.
* Several minor user interface validation errors have been fixed, such as
enforcement of cluster name length and fence port.
* A browser lock-up that could occur during storage configuration has been
fixed.
* Virtual service creation now works without error.
* The fence_xvm tag is no longer misspelled in the cluster.conf file.
* Luci failover forms are complete and working.
* Rebooting a fresh cluster install no longer generates an error message.
* A bug that prevented failed cluster services from being started is now
fixed.
* A bug that caused some cluster operations (e.g., node delete) to fail on
clusters with mixed-case cluster names is now fixed.
* Global cluster resources can be reused when constructing cluster
services.

Enhancements in this updated package include:
* Users can now access Conga through Internet Explorer 6.
* Dead nodes can now be evicted from a cluster.
* Shared storage on new clusters is now enabled by default.
* The fence user-interface flow is now simpler.
* A port number is now shown in ricci error messages.
* The kmod-gfs-xen kernel module is now installed when creating a cluster.
* Cluster creation status is now shown visually.
* User names are now sorted for display.
* The fence_xvmd tag can now be added from the dom0 cluster nodes.
* The ampersand character (&) can now be used in fence names.
* All packaged files are now installed with proper owners and permissions.
* New cluster node members are now properly initialized.
* Storage operations can now be completed even if an LVM snapshot is
present.
* Users are now informed via dialog when nodes are rebooted as part of a
cluster operation.
* Failover domains are now properly listed for virtual services and
traditional clustered services.
* Luci can now create and distribute keys for fence_xvmd.

SL 5.x

SRPMS:
conga-0.10.0-6.el5.src.rpm

i386:
luci-0.10.0-6.el5.i386.rpm
ricci-0.10.0-6.el5.i386.rpm
cluster-cim-0.10.0-5.el5.i386.rpm
cluster-snmp-0.10.0-5.el5.i386.rpm
modcluster-0.10.0-5.el5.i386.rpm

x86_64:
luci-0.10.0-6.el5.x86_64.rpm
ricci-0.10.0-6.el5.x86_64.rpm
cluster-cim-0.10.0-5.el5.x86_64.rpm
cluster-snmp-0.10.0-5.el5.x86_64.rpm
modcluster-0.10.0-5.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson